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Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
September 11 th , 2009 has been entered. Claims 1-7, 10-18, 21-22, and 24-45 are 
presented for the further examination. Applicant has cancelled claims 8, 9, and 19 by 
this amendment. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-19, 21-22, and 24-45 have been 
considered but are moot in view of the new ground(s) of rejection. 

Claim Objections 

3. Claim objection in previous office action has been withdrawn due to claim 
amendment. 

Claim Rejections - 35 USC § 101 

4. Claims 27-29 are rejected under 35 U.S.C. 101 in previous office action has been 
withdrawn due to claim amendment. 
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Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1 -7, 10-18, 21-22, and 24-45 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Bosley et al US Patent Number 7,054,867 (hereinafter Bosley), 
Zenchelsky et al US Patent Number 6,233,686 B1 (hereinafter Zenchelsky) and further 
in view of Bommareddy et al US Patent Number 6,880,089 (hereinafter Bommareddy). 

As per claim 10, Bosley discloses determining, by the first processing unit (see 
Figure 1, column 5, lines 11-21), whether the N-tuple address is within an N-tuple space 
assigned or multi-dimensional space (see figure 2, column 6, line 30- column 7, line 30) 
to the first processing unit based on a quadrant identifier value [hash value based on 
number of bit of that represented as hypercube, see figures 2-6, column 6, line 30- 
column 7, line 50, see column 9, lines 4-24 for the address space corresponds to range 
of address ] assigned to the first processing unit, wherein the N-tuple space assigned to 
each of the plurality of processing units is different, and wherein the quadrant identifier 
is determined using a hash function (see figures 2-6 for quadrant identifier, column 6, 
line 30- column 7, line 50, see column 9, lines 4-24); determining that the N-tuple 
address is within the N-tuple space assigned to the first processing unit (Routing, see 
Figurel , column 5, lines 3-1 1 , ); determining, when the N-tuple address is not within the 
N-tuple space assigned to the first processing unit (see figures 2-6, column 6, line 30- 
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column 7, line 50, see column 9, lines 4-24 for the address space corresponds to range 
of address ). 

However, Bosley is silent about firewall node for processing a packet based on 
modified address wherein one of the firewall node is selected from the cluster of firewall 
nodes within a single network. 

Zenchelsky teaches one of the firewall nodes for processing a packet (see 
Abstract, figure 2, column 2, lines 52-67, column 3,lines 21-40);receiving and reading, 
the received packet (see Abstract, figure 2-3, column 2, lines 52-67, column 3, lines 21- 
40);a modified address based on the space assigned to the first processing unit, such 
that the modified address does not conflict with addresses assigned by any of the other 
plurality of processing units and sending the packet based on the modified address (see 
Abstract, figures 5a-5b, column 2, lines 52-67, column 3, lines 21-67, for assigning 
different IP address from IP pool and/or updating the user IP address each time user 
access authenticated, see column 8, lines 1-36 and figure 8A -8C for packet 
transmission based on peer-in / peer- out hash table based on rule identifier). 

Bommareddy teaches a firewall cluster within the single network (see figures 1, 
4, and 8, column 1, line 66 - column 2, line 60, column 3, line 1 - column 4, line 58, 
column 6, line 13 - column 8, line 45, column 9, line 5 - column 10, line 67) and 
processing the set of data packet from first packet from first address to second 
address wherein the second address being within a range of addresses assigned by 
firewall cluster ((see figures 1, 4, and 8, column 1, line 66 - column 2, line 60, column 3, 
line 1 - column 4, line 58, column 6, line 13 - column 8, line 45, column 9, line 5 - 
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column 10, line 67, column 11, lines 9-65, column, column 15, line 40 - column 18, line 
36)). 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to combine the teachings of Bosley, Zenchelsky and 
Bommareddy to provide a enhanced packet switched data handling method to a high 
speed network device securely switching data between the high speed network devices 
communicating behind the firewall clustering system using a enhanced hash function 
and arithmetic operations whereas the firewall cluster system being configured to 
operate in manner that creates or configures a firewall cluster on both internal and 
external network flow controllers to monitor the health of firewalls by probing firewall 
data packets through both internal and external firewalls whereas the flow controllers 
distribute traffic based on the source and destination IP addresses of a packet and 
ensuring that all IP-based protocols are supported and within the range of IP based 
protocols and repeating the same method steps until all data packets has been 
processed or securely transmitted to the destination port. 

AS per claim 11, Zenchelsky teaches reading as the N-tuple address, a plurality 
of values from the received packet.(see Abstract, figures 5a-5b, column 2, lines 52-67, 
column 3, lines 21-67, see column 8, lines 1-36 and figure 8A -8C for packet 
transmission based on peer-in / peer- out hash table based on rule identifier). 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to combine the teachings of Bosley, Zenchelsky and 
Bommareddy to provide a enhanced packet switched data handling method to a high 
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speed network device securely switching data between the high speed network devices 
communicating behind the firewall clustering system using a enhanced hash function 
and arithmetic operations whereas the firewall cluster system being configured to 
operate in manner that creates or configures a firewall cluster on both internal and 
external network flow controllers to monitor the health of firewalls by probing firewall 
data packets through both internal and external firewalls whereas the flow controllers 
distribute traffic based on the source and destination IP addresses of a packet and 
ensuring that all IP-based protocols are supported and within the range of IP based 
protocols and repeating the same method steps until all data packets has been 
processed or securely transmitted to the destination port. 

As per claim 12, Zenchelsky teaches reading at least a source port, ( see 
Abstract, see column 1 . lines 27-65) . 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to combine the teachings of Bosley, Zenchelsky and 
Bommareddy to provide a enhanced packet switched data handling method to a high 
speed network device securely switching data between the high speed network devices 
communicating behind the firewall clustering system using a enhanced hash function 
and arithmetic operations whereas the firewall cluster system being configured to 
operate in manner that creates or configures a firewall cluster on both internal and 
external network flow controllers to monitor the health of firewalls by probing firewall 
data packets through both internal and external firewalls whereas the flow controllers 
distribute traffic based on the source and destination IP addresses of a packet and 
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ensuring that all IP-based protocols are supported and within the range of IP based 
protocols and repeating the same method steps until all data packets has been 
processed or securely transmitted to the destination port. 
13.-15. (Cancelled). 

As per claim 16, Bosley discloses determining the quadrant identifier value based 
on a hash function and a modulo division [hash value based on number of bit of that 
represented as hypercube, the person skill in the art would recognize such hash value 
generation based on hash function and a modulo division, see figures 2-6, column 6, 
line 30- column 7, line 50, see column 9, lines 4-24 ]. 

As per claim 17, Bosley discloses adding a value to the N-tuple address, such 
that the modified N-tuple address is within the N-tuple space assigned to the first 
processing unit (see column 12, lines 12-41, adding node based on hash). 

18.-20. (Cancelled). 

As per claim 21, Bosley discloses using a computer as the first processing unit 
(see Figure 1 , column 5, lines 11-21). 

As per claim 22, Bosley discloses routing using a router as the first processing 
unit (see column 4, line 40- column 5, line 53, routing). 

23. (Cancelled). 

As per claims 1-7, 27-28, and 30-36, claims 1-7, 27-28, and 30-36 are system 
claims of method claims 10-18. They do not teach or further define the limitation as 
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recited in claims 10-18. Therefore, claims 1-7, 27-28, and 30-36 are rejected under 
same rationale as discussed in claims 10—18, supra. 

As per claims 24-26, claims 24-26 do not teach or further define the limitation as 
recited in claims 10-18. Therefore, claims 24-26 are rejected under same rationale as 
discussed in claims 10 — 18, supra. 

As per claims 29 and 37, claims 29 and 37 are firewall cluster claims of method 
claims 10-18. They do not teach or further define the limitation as recited in claims 10- 
18. Therefore, claims 29 and 37are rejected under same rationale as discussed in 
claims 10—18, supra. 

As per claims 38-45, claims 38-45 are computer readable storage medium 
claims of method claims 10-18. They do not teach or further define the limitation as 
recited in claims 10-18. Therefore, claims 38-45 are rejected under same rationale as 
discussed in claims 10—18, supra. 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See accompanying PTO 892 form. 

a. System and method for detecting and countering a network attack by 
Etheridge et al. US Publication Number 2004/0054925 A1 . 

b. Hash-based systems and methods for detecting, preventing, and tracing 
network worms and viruses by Milliken US Publication Number 2003/0115485 
A1. 
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c. Dynamic packet filter utilizing session tracking by Goldberg et al. US 
Publication Number 2004/001 31 1 2 A1 . 

d. IP datagram over multiple queue pairs by Graham et al. US Patent 
Number 7,133,405 B2. 

e. Handling packet fragments in a distributed network service environment 
by Albert et al. US Patent Number 6,742,045 B1 . 

8. A shortened statutory period for reply to this non-final action is set to expire 
THREE MONTHS from the mailing date of this action. Failure to respond within the 
period for response will result in ABANDONMENT of the applicant (See 35 U.S.C 133, 
M.P.E.P 710.02,71002 (b)). 

Contact Information 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Saket K. Daftuar whose telephone number is 571-272- 
8363. The examiner can normally be reached on 8:30am-5:00pm M-W. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on 571-272-3964. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
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you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Saket K Daftuar/ 
Examiner, Art Unit 2451 
/John Follansbee/ 

Supervisory Patent Examiner, Art Unit 2451 



